Frequently Asked Questions
About the Sarbanes –
Oxley Certification for IT and Security Professionals
(SOX–ITSEC)
Welcome to the Sarbanes – Oxley Certification
for IT and Security Professionals (SOX–ITSEC)
FAQ. You will find answers to commonly asked questions
about our program.
Q1. What is the SOX–ITSEC Certification?
A1: SOX–ITSEC is a vendor neutral certification
program that has been designed to prove that IT and
information security professionals have the knowledge
and skills needed to understand and support Sarbanes-Oxley
compliance.
Q2. What is the benefit of SOX–ITSEC
Certification?
A2: Sarbanes – Oxley Certification for IT and
Security Professionals (SOX–ITSEC) can benefit
employees, consultants and organizations.
Employees and Consultants
SOX–ITSEC provides Consultants, IT and Information
Security Directors, Managers and Professionals, Chief
Risk and Compliance Officers, Process Owners, Network,
System and Security Administrators with the following
benefits:
1. Earn more money: Several recent salary surveys
reveal the power of certification to boost income.
These surveys show certified professionals earn more
money than non-certified professionals, as their skills
grow and they can command a higher paycheck.
2. Get a better position: Certification is important
when being considered for a promotion or other career
opportunities. You give the necessary assurance that
you have the knowledge and skills to accept more responsibility.
3. Get a better job: It will be easier to move on
to another position to get more money and more desirable
positions. This certification will differentiate you
from your competitors.
4. Establishes professional credentials: Certification
is an advantage on your resume, serving as a third-party
endorsement of your knowledge and experience. Certification
and training listed on your resume demonstrate your
ability and your desire to stay current.
Organizations
SOX–ITSEC provides organizations with the following
benefits:
1. Independent evidence: SOX–ITSEC certification
serves as independent evidence that you have the skills
required to understand and support the Sarbanes Oxley
compliance project.
2. Job satisfaction: Certified employees are more
satisfied and more productive than their non-certified
counterparts.
3. COSO and COBIT frameworks: A Sarbanes Oxley certification
is not just one more class. It is a vital part of
the compliance project and will satisfy the requirements
of the COSO and COBIT control frameworks.
4. Due care: Certified professionals will greatly
assist employers in being able to construct a viable
Sarbanes Oxley compliance program, and to prove that
they exercise due care.
Q3. How long is the exam?
A3: A candidate is given two hours to complete a
60-question multiple-choice exam.
Q4. What score do I need to pass the exam?
A4: A candidate must score 70% or higher.
Q5. How much will it cost to get certified?
A5: The price for the SOX–CERT examination is
GBP 150.
Q6. Is training necessary in order to obtain
certification?
A6: No, it is not necessary, but it is highly recommended.
You will probably need to prepare before taking this
exam. Self-study is an alternative, but classroom
training can provide the fast track to certification
readiness.
Q7. Where can I get training?
A7: In UK: Net-Security Training, York House, Empire
Way, Wembley Park, Middlesex, HA9 0PA
Tel: +44 20 8900 9015 Email: info@net-security-training.co.uk
Q8. What are the prerequisites for taking
the exam?
A8: None, although to fully understand the material
and pass the exam, most candidates need a minimum
of four years of full-time IT and/or security professional
work experience. No Sarbanes Oxley experience is required.
Q9. How long is the certification valid?
A9: The certification is valid for three years.
Q10. What will the SOX–ITSEC exam cover?
A10: The SOX–ITSEC exam will cover the following
areas:
• The Sarbanes-Oxley Act of 2002
• Companies Affected
• Employees Affected
• Effective Dates
• SEC
• EDGAR
• PCAOB
• The Sarbanes-Oxley Act and its interpretation
by the PCAOB
• Scope of Sarbanes Oxley Project
• Internal Controls
• The Internal Control — Integrated Framework
by the COSO committee
• Using the COSO framework effectively
• The control environment
• Risk assessment
• Control activities
• Information and communication
• Monitoring
• Effectiveness and efficiency of operations
• Reliability of financial reporting
• Compliance with applicable laws and regulations
• IT Controls
• IT Controls and Sarbanes Oxley Act Relevance
• Program Development and Program Change
• COSO Enterprise Risk Management (ERM) Framework
• Internal Environment
• Objective Setting
• Event Identification
• Risk Assessment
• Risk Response
• Control Activities
• Information and Communication
• Monitoring
• ERM – Application Techniques
• COBIT - the framework that focuses on IT
• Executive Summary
• Management Guidelines
• Framework
• Control Objectives
• Implementation Toolset
• Activities and Tasks
• Processes
• Domains
• Information criteria
• IT resources
• IT processes
• COBIT Cube
• Maturity Models
• Critical Success Factors (CSFs)
• Key Goal Indicators (KGIs)
• Key Performance Indicators (KPIs)
• Meeting the Information Security Requirements
of SOX
• SOX and Risk Assessments
• IT Security
• The alignment of frameworks
• COSO and COBIT
• COSO ERM and COBIT
• ITIL and COBIT
• ISO/IEC 17799:2000 and COBIT
• ISO/IEC 15408 and COBIT
• COSO, COBIT and Sarbanes-Oxley Sections 302
and 404
• Testing, Reports and Documentation
• Reports used to Validate SOX Compliant IT
Infrastructure
• Reporting Weaknesses and Deficiencies
• Documentation Issues
• SOX Testing
• Records Retention
• Real-time Disclosure
• Sarbanes Oxley and other regulations
• European Answer to SOX
• Integrating SOX IT security with GLBA, HIPAA
and other regulations